#include <vnet/tls/tls_test.h>
#include <svm/fifo_segment.h>
-typedef struct _stream_session_cb_vft
+typedef struct certificate_
+{
+ u32 *app_interests; /* vec of application index asking for deletion cb */
+ u32 cert_key_index; /* index in cert & key pool */
+ u8 *key;
+ u8 *cert;
+} app_cert_key_pair_t;
+
+typedef struct session_cb_vft_
{
/** Notify server of new segment */
- int (*add_segment_callback) (u32 api_client_index, u64 segment_handle);
+ int (*add_segment_callback) (u32 app_wrk_index, u64 segment_handle);
/** Notify server of new segment */
- int (*del_segment_callback) (u32 api_client_index, u64 segment_handle);
+ int (*del_segment_callback) (u32 app_wrk_index, u64 segment_handle);
/** Notify server of newly accepted session */
int (*session_accept_callback) (session_t * new_session);
/** Notify app that session was reset */
void (*session_reset_callback) (session_t * s);
+ /** Notify app that session pool migration happened */
+ void (*session_migrate_callback) (session_t * s, session_handle_t new_sh);
+
/** Direct RX callback for built-in application */
int (*builtin_app_rx_callback) (session_t * session);
/** Direct TX callback for built-in application */
int (*builtin_app_tx_callback) (session_t * session);
+ /** Cert and key pair delete notification */
+ int (*app_cert_key_pair_delete_callback) (app_cert_key_pair_t * ckpair);
+
+ /** Delegate fifo-tuning-logic to application */
+ int (*fifo_tuning_callback) (session_t * s, svm_fifo_t * f,
+ session_ft_action_t act, u32 bytes);
+
} session_cb_vft_t;
#define foreach_app_init_args \
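Review bot: `app_cert_key_pair_t` holds the private key in `u8 *key`, but nothing says who owns the vector or what happens to it on deletion. The new `app_cert_key_pair_delete_callback` also hands the whole pair, key included, to every app listed in `app_interests`. I would document the field, e.g. `u8 *key; /* private key vec, owned by the pair; wiped and freed on delete */`, and state on the callback that `ckpair` is only valid for the duration of the call. Whether the delete path actually wipes the key before freeing it is not visible in this diff and should be checked against the implementation.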
u8 *key;
} vnet_app_add_tls_key_args_t;
-typedef enum tls_engine_type_
+typedef enum crypto_engine_type_
{
- TLS_ENGINE_NONE,
- TLS_ENGINE_MBEDTLS,
- TLS_ENGINE_OPENSSL,
- TLS_N_ENGINES
-} tls_engine_type_t;
+ CRYPTO_ENGINE_NONE,
+ CRYPTO_ENGINE_OPENSSL,
+ CRYPTO_ENGINE_MBEDTLS,
+ CRYPTO_ENGINE_VPP,
+ CRYPTO_ENGINE_PICOTLS,
+ CRYPTO_ENGINE_LAST = CRYPTO_ENGINE_PICOTLS,
+} crypto_engine_type_t;
+
+typedef struct _vnet_app_add_cert_key_pair_args_
+{
+ u8 *cert;
+ u8 *key;
+ u32 index;
+} vnet_app_add_cert_key_pair_args_t;
+
+typedef struct crypto_ctx_
+{
+ u32 ctx_index; /**< index in crypto context pool */
+ u32 n_subscribers; /**< refcount of sessions using said context */
+ u32 ckpair_index; /**< certificate & key */
+ u8 crypto_engine;
+ void *data; /**< protocol specific data */
+} crypto_context_t;
/* Application attach options */
typedef enum
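Review bot: The rename to `crypto_engine_type_t` also swaps two numeric values: `TLS_ENGINE_MBEDTLS` was 1 and `TLS_ENGINE_OPENSSL` was 2, while `CRYPTO_ENGINE_OPENSSL` is now 1 and `CRYPTO_ENGINE_MBEDTLS` is 2. An application built against the old header that passes the number through `APP_OPTIONS_TLS_ENGINE` would silently be given the other TLS library. Either keep the old order or call out the change explicitly in the header. `crypto_context_t.crypto_engine` is a bare `u8`; a comment such as `/**< crypto_engine_type_t, must be <= CRYPTO_ENGINE_LAST */` would make the expected range check obvious to whoever fills it from a message.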
APP_OPTIONS_PROXY_TRANSPORT,
APP_OPTIONS_ACCEPT_COOKIE,
APP_OPTIONS_TLS_ENGINE,
+ APP_OPTIONS_MAX_FIFO_SIZE,
+ APP_OPTIONS_HIGH_WATERMARK,
+ APP_OPTIONS_LOW_WATERMARK,
+ APP_OPTIONS_PCT_FIRST_ALLOC,
APP_OPTIONS_N_OPTIONS
} app_attach_options_index_t;
clib_error_t *vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a);
clib_error_t *vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a);
+int vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a);
+int vnet_app_del_cert_key_pair (u32 index);
+/** Ask for app cb on pair deletion */
+int vnet_app_add_cert_key_interest (u32 index, u32 app_index);
typedef struct app_session_transport_
{
#undef _
} app_session_t;
+typedef struct session_listen_msg_
+{
+ u32 client_index;
+ u32 context; /* Not needed but keeping it for compatibility with bapi */
+ u32 wrk_index;
+ u32 vrf;
+ u16 port;
+ u8 proto;
+ u8 is_ip4;
+ ip46_address_t ip;
+ u32 ckpair_index;
+ u8 crypto_engine;
+} __clib_packed session_listen_msg_t;
+
+STATIC_ASSERT (sizeof (session_listen_msg_t) <= SESSION_CTRL_MSG_MAX_SIZE,
+ "msg too large");
+
+typedef struct session_listen_uri_msg_
+{
+ u32 client_index;
+ u32 context;
+ u8 uri[56];
+} __clib_packed session_listen_uri_msg_t;
+
+STATIC_ASSERT (sizeof (session_listen_uri_msg_t) <= SESSION_CTRL_MSG_MAX_SIZE,
+ "msg too large");
+
typedef struct session_bound_msg_
{
u32 context;
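Review bot: `session_listen_msg_t` carries `ckpair_index` and `crypto_engine` as application-supplied values, and nothing in the header says the receiver must range-check them. The same two fields appear in `session_connect_msg_t` further down. I would add field comments such as `u32 ckpair_index; /* app-supplied, validate against the cert/key pool */` and `u8 crypto_engine; /* crypto_engine_type_t, reject > CRYPTO_ENGINE_LAST */`. `uri[56]` in `session_listen_uri_msg_t` (and in `session_connect_uri_msg_t`) has no length field, so its comment should say whether it must be NUL-terminated and that a handler may not read past 56 bytes. The handlers are outside this diff, so whether these checks already exist cannot be confirmed from here.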
u8 segment_name[128];
} __clib_packed session_bound_msg_t;
+typedef struct session_unlisten_msg_
+{
+ u32 client_index;
+ u32 context;
+ u32 wrk_index;
+ session_handle_t handle;
+} __clib_packed session_unlisten_msg_t;
+
typedef struct session_unlisten_reply_msg_
{
u32 context;
u64 segment_handle;
uword vpp_event_queue_address;
transport_endpoint_t rmt;
+ u8 flags;
} __clib_packed session_accepted_msg_t;
typedef struct session_accepted_reply_msg_
u64 handle;
} __clib_packed session_accepted_reply_msg_t;
-/* Make sure this is not too large, otherwise it won't fit when dequeued in
- * the session queue node */
-STATIC_ASSERT (sizeof (session_accepted_reply_msg_t) <= 16, "accept reply");
+typedef struct session_connect_msg_
+{
+ u32 client_index;
+ u32 context;
+ u32 wrk_index;
+ u32 vrf;
+ u16 port;
+ u8 proto;
+ u8 is_ip4;
+ ip46_address_t ip;
+ ip46_address_t lcl_ip;
+ u8 hostname_len;
+ u8 hostname[16];
+ u64 parent_handle;
+ u32 ckpair_index;
+ u8 crypto_engine;
+ u8 flags;
+} __clib_packed session_connect_msg_t;
+
+STATIC_ASSERT (sizeof (session_connect_msg_t) <= SESSION_CTRL_MSG_MAX_SIZE,
+ "msg too large");
+
+typedef struct session_connect_uri_msg_
+{
+ u32 client_index;
+ u32 context;
+ u8 uri[56];
+} __clib_packed session_connect_uri_msg_t;
+
+STATIC_ASSERT (sizeof (session_connect_uri_msg_t) <=
+ SESSION_CTRL_MSG_MAX_SIZE, "msg too large");
typedef struct session_connected_msg_
{
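Review bot: `hostname_len` in `session_connect_msg_t` is a `u8` that can hold up to 255, while `hostname` is 16 bytes. A receiver that copies `hostname_len` bytes without clamping would read past the array into the following fields of the packed message. The struct should state the bound, e.g. `u8 hostname_len; /* must be <= sizeof (hostname), checked by receiver */`. The consuming code is not part of this diff; it should reject larger values rather than truncate silently.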
transport_endpoint_t lcl;
} __clib_packed session_connected_msg_t;
+typedef struct session_disconnect_msg_
+{
+ u32 client_index;
+ u32 context;
+ session_handle_t handle;
+} __clib_packed session_disconnect_msg_t;
+
typedef struct session_disconnected_msg_
{
u32 client_index;
u64 segment_handle;
} __clib_packed session_worker_update_reply_msg_t;
+typedef struct session_app_detach_msg_
+{
+ u32 client_index;
+ u32 context;
+} session_app_detach_msg_t;
+
+typedef struct app_map_another_segment_msg_
+{
+ u32 client_index;
+ u32 context;
+ u8 fd_flags;
+ u32 segment_size;
+ u8 segment_name[128];
+ u64 segment_handle;
+} session_app_add_segment_msg_t;
+
+typedef struct app_unmap_segment_msg_
+{
+ u32 client_index;
+ u32 context;
+ u64 segment_handle;
+} session_app_del_segment_msg_t;
+
+typedef struct session_migrate_msg_
+{
+ uword vpp_evt_q;
+ session_handle_t handle;
+ session_handle_t new_handle;
+ u32 vpp_thread_index;
+} __clib_packed session_migrated_msg_t;
+
+typedef struct session_cleanup_msg_
+{
+ session_handle_t handle;
+} __clib_packed session_cleanup_msg_t;
+
typedef struct app_session_event_
{
svm_msg_q_msg_t msg;
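Review bot: `session_app_detach_msg_t`, `session_app_add_segment_msg_t` and `session_app_del_segment_msg_t` are the only new message structs without `__clib_packed`, and none has the `STATIC_ASSERT` against `SESSION_CTRL_MSG_MAX_SIZE` that the listen and connect messages get. In `session_app_add_segment_msg_t` the `u8 fd_flags` is followed by a `u32`, so the compiler inserts padding; if these structs travel over the shared message queue like their siblings, those bytes carry whatever the buffer held unless the sender zeroes the whole message. I would mark all three `__clib_packed` and add `STATIC_ASSERT (sizeof (session_app_add_segment_msg_t) <= SESSION_CTRL_MSG_MAX_SIZE, "msg too large");`, since `segment_name[128]` makes this the largest message here. The struct tags `app_map_another_segment_msg_` and `app_unmap_segment_msg_` also do not match their typedef names.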
svm_msg_q_lock_and_alloc_msg_w_ring (mq,
SESSION_MQ_CTRL_EVT_RING,
SVM_Q_WAIT, &app_evt->msg);
- svm_msg_q_unlock (mq);
app_evt->evt = svm_msg_q_msg_data (mq, &app_evt->msg);
clib_memset (app_evt->evt, 0, sizeof (*app_evt->evt));
app_evt->evt->event_type = evt_type;
static inline void
app_send_ctrl_evt_to_vpp (svm_msg_q_t * mq, app_session_evt_t * app_evt)
{
- svm_msg_q_add (mq, &app_evt->msg, SVM_Q_WAIT);
+ svm_msg_q_add_and_unlock (mq, &app_evt->msg);
}
/**
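Review bot: With `svm_msg_q_unlock` dropped from the alloc helper, the queue lock is now held from `svm_msg_q_lock_and_alloc_msg_w_ring` until `app_send_ctrl_evt_to_vpp` calls `svm_msg_q_add_and_unlock`, and nothing documents that pairing. A caller that allocates and then returns on an error path without sending would leave the queue locked for every other producer. I would add to the alloc helper's comment: `/* Returns with mq locked; caller must call app_send_ctrl_evt_to_vpp () to enqueue and release the lock. */`. The alloc function starts outside this hunk, so its name and any existing comment are not visible here.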
return -2;
}
msg = svm_msg_q_alloc_msg_w_ring (mq, SESSION_MQ_IO_EVT_RING);
- if (PREDICT_FALSE (svm_msg_q_msg_is_invalid (&msg)))
- {
- svm_msg_q_unlock (mq);
- return -2;
- }
evt = (session_event_t *) svm_msg_q_msg_data (mq, &msg);
evt->session_index = session_index;
evt->event_type = evt_type;
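Review bot: With the `svm_msg_q_msg_is_invalid` check removed, the result of `svm_msg_q_alloc_msg_w_ring` goes to `svm_msg_q_msg_data` and is written through unconditionally. Correctness now rests entirely on the fullness test made before this hunk (the `return -2` just above), which is not fully visible. I would keep a debug check right after the allocation, `ASSERT (!svm_msg_q_msg_is_invalid (&msg));`, and confirm that the guard above tests the same two conditions the blocking branch now waits on, `svm_msg_q_ring_is_full` and `svm_msg_q_is_full`. The function begins and ends outside the hunk.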
else
{
svm_msg_q_lock (mq);
- while (svm_msg_q_ring_is_full (mq, SESSION_MQ_IO_EVT_RING))
+ while (svm_msg_q_ring_is_full (mq, SESSION_MQ_IO_EVT_RING)
+ || svm_msg_q_is_full (mq))
svm_msg_q_wait (mq);
msg = svm_msg_q_alloc_msg_w_ring (mq, SESSION_MQ_IO_EVT_RING);
evt = (session_event_t *) svm_msg_q_msg_data (mq, &msg);
evt->session_index = session_index;
evt->event_type = evt_type;
- if (svm_msg_q_is_full (mq))
- svm_msg_q_wait (mq);
svm_msg_q_add_and_unlock (mq, &msg);
return 0;
}